Re: CFS Cryptographic file system.

[Julian H. Stacey]

--- Blind-Carbon-Copy

To: Howard Goldstein <[EMAIL PROTECTED]>,
Lorenzo Perone <[EMAIL PROTECTED]>
cc: [EMAIL PROTECTED]
Subject: Re: CFS Cryptographic file system. 
From: "Julian Stacey" <[EMAIL PROTECTED]>
Organization: http://berklix.com BSD Unix Linux Consultancy, Munich Germany
User-agent: EXMH on FreeBSD http://berklix.com/free/
X-URL: http://berklix.com
In-reply-to: Your message "Wed, 11 Jun 2008 14:00:55 EDT."
<[EMAIL PROTECTED]> 
Date: Wed, 11 Jun 2008 23:51:15 +0200
Sender: [EMAIL PROTECTED]

To: Howard Goldstein <[EMAIL PROTECTED]>,
Lorenzo Perone <[EMAIL PROTECTED]>
cc: [EMAIL PROTECTED]
bcc:freebsd-ports@freebsd.org   
(bcc to avoid list dups, any follow up to fs@ I suggest)

Howard Goldstein wrote:
> Date: Wed, 11 Jun 2008 14:00:55 -0400 (20:00 CEST)
> Cc: freebsd-ports@freebsd.org

> Julian Stacey wrote:
> > Is there some replacement of /usr/ports/security/cfs 
> > (encryped file system) for 7.0 ?
> 
> It's not fully responsive to your question, and it's a little clunky, 
> but the technique at this blog entry 
> https://www.endries.org/josh/blog/posts/5 seems to show a way to run 
> geli on a file-based backingstore using the the md driver as a geom 
> provider.  I haven't tried it.

Thanks Howard, 
As I was in a rush & no quick reply to ports@, I posted a similar question
to [EMAIL PROTECTED] 12 hours or so later & later replied:

> > From: Lorenzo Perone <[EMAIL PROTECTED]>
> > Date: Tue, 10 Jun 2008 13:11:50 +0200
> > To: Julian Stacey <[EMAIL PROTECTED]>
> > Cc: [EMAIL PROTECTED]

> > > Is a crypting file system being worked on for src/ somewhere ?
> > 
> > Did you have a look at gbde / geli?
> > 
> > http://www.freebsd.org/doc/en/books/handbook/disks-encrypting.html
> 
> No, (I did have a look at doc index before I posted, but I missed this).
> Looks like what I need.
> Thanks Lorenzo

So I did this, which worked:
dd if=/dev/zero of=CRYPT_FS_IMAGE bs=10k count=50k
mdconfig -a -t vnode -f CRYPT_FS_IMAGE
mkdir /etc/gbde
gbde init /dev/md0 -i -L /etc/gbde/md0.lock
2048
random_flushuncommented
# long wait
gbde attach /dev/md0  -l /etc/gbde/md0.lock
newfs -U -O2 /dev/md0.bde
mount /dev/md0.bde /mnt

umount /mnt
gbde detach md0
mdconfig -d -u 0

I havent tried geli yet, though it has interesting extras for later.
Thanks Lorenzo & Howard.

Julian
- -- 
Julian Stacey: BSDUnixLinux C Prog Admin SysEng Consult Munich www.berklix.com
Mail just Ascii plain text.  HTML & Base64 text are spam.

--- End of Blind-Carbon-Copy
___
freebsd-ports@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: CFS Cryptographic file system.

[Howard Goldstein]

Julian Stacey wrote:
Is there some replacement of /usr/ports/security/cfs 
(encryped file system) for 7.0 ?


It's not fully responsive to your question, and it's a little clunky, 
but the technique at this blog entry 
https://www.endries.org/josh/blog/posts/5 seems to show a way to run 
geli on a file-based backingstore using the the md driver as a geom 
provider.  I haven't tried it.


___
freebsd-ports@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

CFS Cryptographic file system.

[Julian Stacey]

Is there some replacement of /usr/ports/security/cfs 
(encryped file system) for 7.0 ?

Julian
--
Julian Stacey: BSDUnixLinux C Prog Admin SysEng Consult Munich www.berklix.com
Mail just Ascii plain text.  HTML & Base64 text are spam.
___
freebsd-ports@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "[EMAIL PROTECTED]"